Configuring the Default Access Control Policy

The purpose of the default access control policy is to prevent an accidental denial of access to a cluster caused by an oversight or misconfiguration of access control policies. After you have configured access control policies that specifically grant the appropriate access to clusters, you should configure the default access control policy.

You have the following options when considering how to configure the default access control policy:

• You can configure the default policy to restrict access to clusters that do not match the policy conditions of higher-priority policies
• You can configure the default policy to grant access to everyone for clusters that do not match the policy conditions of higher-priority policies Note: This is the default configuration, but you must determine if this is best for your environment.

Prerequisite

If you want to restrict access to clusters that use the default access control policy, you must ensure the appropriate Groups and Users exist in the account.

Procedure

1. Determine who should be able to access clusters that do not have an active user-defined (non-default) access control policy:

• • This might be everyone — the default configuration
  • This might be a specific group, such as an Administrators group
  • This might be a specific person, such as the RealTheory account administrator

2. As a user with the following roles, navigate to Settings > Access Management > Access Control Policies:

• • sys_admin, or
  • all of: , , _and user_admin